hacking

How to Hack Random Accounts In A Few Easy Steps

While this method may not technically be hacking, it definitely exploits a weakness in uninformed users. Perhaps you've heard of the site http://www.fakemailgenerator.com/. It's commonly used to create a free temporary email address when you want to avoid getting spam in your primary email account. However, people frequently use this site to register for accounts on things like Facebook, Gmail, or any other site they don't want to use their primary email for. Most people that use this site either don't care or don't realize that anyone can see the emails on this site, as long as they know the name of the email address. Here is a screenshot from their FAQ that explains this:

[Screenshot: FakeMailGenerator FAQ]

So basically, anyone can access the inbox of any email address on this site, just by knowing the name of the email address. You may be thinking now, "Well that's dumb. I'll never be able to guess the name of an email address that's been used in the past 24 hours!"

Well, actually it's not that hard at all. Currently they have 10 domain names to choose from, and anyone can pick any email address from any of these domains:

How to Recover Saved Passwords from Browsers, RDP, VNC, Network Shares, Outlook, IM, and More

This script silently runs the most useful password recovery tools from www.nirsoft.net. The password recovery tools from nirsoft.net are highly valuable to anyone that has either forgotten their passwords, or wants to steal someone else's passwords. The list of passwords it can recover is very lengthy, and is listed in full at the bottom of this article. (You should only use these tools on your own computer. Never use them to recover passwords on a computer you don't have permission to do so on.)

A few of the applications this script will recover passwords from are: Chrome, Firefox, Opera, Internet Explorer, Windows Shares/Network, MSN Messenger, Yahoo Messenger, GAIM, Outlook, wireless passwords, RDP (Remote Desktop Protocol saved passwords), and VNC.

web-sorrow - A Remote Web Scanner for Misconfiguration, Version Detection, and Server Enumeration Written in Perl - Wsorrow.pl

Wsorrow.pl is a remote web scanner. It can scan for web server misconfiguration, perform version detection and enumeration, and gather server information. Written in Perl, this script will run out of the box on most Linux systems, including Ubuntu and openSUSE. While there are many other scripts and programs that perform similar scans, web-sorrow is versatile and useful enough to be included in your toolbox.

NOTE: Web-Sorrow has now been updated to 1.4.9, so be sure to try out the latest version!

Some of the more notable features of web-sorrow are:

  • CMS (Content Management System) detection
  • Port scanning
  • Login page scanning
  • Proxy support
  • Error bagging
  • Standard tests (see below for full list)

To download the latest version (1.2.7) and unzip it, go here, or run these commands (if your distro doesn't come with unzip, you may need to install that package):

wget http://web-sorrow.googlecode.com/files/Wsorrow_v1.2.7.zip

unzip Wsorrow_v1.2.7.zip

To run the script with no switches, run this command:

perl ./Wsorrow.pl

+ web sorrow 1.2.7 Version detection, misconfig, and enumeration tool

dnsmap 0.30 - Find Subdomains by Brute-Forcing

Dnsmap is a subdomain brute-forcing program. It has a built-in word list, which makes it easier than ever to use. If you have your own list of subdomains, you can use that instead. Dnsmap is meant to be used by responsible pentesters during the information gathering/enumeration phase of infrastructure security assessments. Only use this tool on domain names you have permission to use it on (such as your own, or ones belonging to the person who is paying you).

Note: You may want to consider using gxfr.py to find subdomains. This script filters through Google search results for subdomain names. It is a very effective passive subdomain finder. Here is a tutorial on it: http://itswapshop.com/tutorial/gxfrpy-sub-domain-discovering-script-using-google-queries

To download and compile dnsmap, run the following commands (tested on Ubuntu and openSUSE):

wget http://dnsmap.googlecode.com/files/dnsmap-0.30.tar.gz
tar -xzf dnsmap-0.30.tar.gz
cd dnsmap-0.30/
make
sudo make install

Simply add a domain name after dnsmap to run the program:

dnsmap my-domain.com
dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org)

gxfr.py - A Sub-Domain Discovering Script Using Google Queries

If you are trying to find all available sub-domains for a domain, you have a few options available:

  1. AXFR - Most likely won't work, as the DNS server probably isn't configured to transfer zones to any host.
  2. Brute force - There are tools, such as dnsmap, that will use wordlists to guess sub-domains. Here is a tutorial on dnsmap: http://itswapshop.com/tutorial/dnsmap-30-find-subdomains-brute-forcing
  3. Google - Since Google indexes everything, naturally it will have indexed the public-facing web servers of the sub-domains you are trying to find.

Using Google is the first thing you want to try, as brute forcing is a questionable technique, and you probably won't be able to perform a zone transfer. Using Google to find sub-domains is also the only passive method of the three; the other two involve directly querying DNS servers. Using custom Google queries related to the domain name and then filtering through the search results looking for sub-domains is effective, but can become quite a pain. This is where gxfr.py comes in: it automates the entire process. Here is a link to the Google Code page:

http://code.google.com/p/gxfr/

To download and install, run these commands:

How to Change the Default SSH Port in Ubuntu

Changing the default SSH listening port is a quick and easy way to reduce random traffic and common attacks from "script kiddies". It won't make your system more secure; it will just make it slightly more difficult for an attacker. The main reason to change the listening port from 22 to something else is to stay out of the way of broad internet port scans that are seeking out common ports. In my example I will be using Ubuntu 10.10; however, this should work on any current version of Ubuntu.

Open this file using your favorite text editor: /etc/ssh/sshd_config

sudo vim /etc/ssh/sshd_config

Simply modify the line "Port 22" to whatever port you want that isn't currently in use. The most common alternative SSH port is 2222. Then run this command for the change to take effect:

sudo reload ssh

If that command doesn't work on your OS, run this:

sudo /etc/init.d/ssh reload

That's it. You can now test it by opening a terminal and trying to connect to localhost on the new port:

ssh -p 2222 localhost

If you are looking for additional security for SSH, check out this tutorial on installing and configuring fail2ban:

How to Crack SSH, FTP, or Telnet server using Hydra - Ubuntu

Hydra is a tool that makes cracking protocols such as SSH, FTP and Telnet relatively easy. In my example, I will be cracking SSH using Hydra 5.9.1 on Ubuntu 10.10 64-bit (***Update for Ubuntu 12.04 - replace all references to Hydra 5.9.1 with Hydra 7.3, which can be downloaded here). Although this example uses Ubuntu, these commands should work on any Debian-based system such as Debian and Linux Mint. Hydra uses password lists to brute force the SSH server. If you need help finding a good password list, check here:

http://www.google.com/search?aq=f&sourceid=chrome&ie=UTF-8&q=password+list

Here is what my password list looks like (this is a short list that I made solely for this tutorial):


To begin, we will need to install a few packages:

  • sudo apt-get install libssh-dev nmap build-essential linux-headers-$(uname -r) libgtk2.0-dev libssl-dev cmake

I put nmap in there just to do fingerprinting before we attack. Run the following for the nmap scan:
